DLP - Microsoft Outlook error when setting the follow-up flag on signed e-mails.

Document ID : KB000050374
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When the CA DLP Outlook Integration Agent is installed, error messages could be displayed when trying to flag messages that are digitally signed or encrypted.

The CA DLP Outlook Integration Agent sets a custom property on messages it has processed to ensure they do not get processed again. When a digitally signed/encrypted message is read, this property is set directly on the message in the Exchange mailbox. Outlook has its own connection to the message in the Exchange mailbox, and trying to set the follow-up flag will fail because the message has independently been modified by the CA DLP Outlook Integration Agent.

Outlook may display one of the following messages:

"The function can not be executed because the message has been changed".
"You have changed this message. If you save the changes, the message will no longer be digitally signed".
"You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator".

Solution:

The CA DLP Outlook Integration Agent has been updated via FIX: RO27746 (Client_12.5_HF028, Client_x64_12.5_HF029) to include a new configuration item. This new configuration option allows the processing of incoming message to be skipped. This means that policy will not be applied to incoming messages and the CA DLP custom property will not be set.

This Hotfix is available to download from the CA Support Portal (support.ca.com).